metasploit-framework/modules/auxiliary/scanner/misc/redis_server.rb

##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'

class Metasploit3 < Msf::Auxiliary

  include Msf::Auxiliary::Report
  include Msf::Auxiliary::Scanner
  include Msf::Exploit::Remote::Tcp

  def initialize(info={})
    super(update_info(info,
      'Name'         => 'Redis-server Scanner',
      'Description'  => %q{
          This module scans for Redis server. By default Redis has no auth. If auth
        (password only) is used, it is then possible to execute a brute force attack on
        the server. This scanner will find open or password protected Redis servers and
        report back the server information
      },
      'Author'       => [ 'iallison <ian[at]team-allison.com>' ],
      'License'      => MSF_LICENSE
    ))

    register_options(
      [
        Opt::RPORT(6379),
      ], self.class)

    deregister_options('RHOST')
  end

  def run_host(ip)
    print_status("Scanning IP: #{ip.to_s}")
    begin
      pkt = "PING\r\n"
      connect
      sock.put(pkt)
      res = sock.get_once

      if res =~ /PONG/
        info = "INFO\r\n"
        sock.put(info)
        data = sock.get_once
        print_status("Redis Server Information #{data}")
        data_sanitized = data.to_s
      elsif res =~ /ERR/
        auth = "AUTH foobared\r\n"
        sock.put(auth)
        data = sock.get_once
        print_status("Response: #{data.chop}")
        if data =~ /\-ERR\sinvalid\spassword/
          print_status("Redis server is using AUTH")
        else
          print_good("Redis server is using the default password of foobared")
          report_note(
            :host => rhost,
            :port => rport,
            :type => 'password',
            :data => 'foobared'
          )
        end
      else
        print_error "#{ip} does not have a Redis server"
      end

      report_service(
        :host => rhost,
        :port => rport,
        :name => "redis server",
        :info => data_sanitized
      )

      disconnect

    rescue ::Exception => e
      print_error "Unable to connect: #{e.to_s}"
    end
  end
end
Solved most of msftidy issues with the /modules directory 2011-11-28 04:42:59 +00:00			`##`
Redo the boilerplate / splat [SeeRM #8496] 2013-10-15 18:50:46 +00:00			`# This module requires Metasploit: http//metasploit.com/download`
			`# Current source: https://github.com/rapid7/metasploit-framework`
Solved most of msftidy issues with the /modules directory 2011-11-28 04:42:59 +00:00			`##`

			`require 'msf/core'`

			`class Metasploit3 < Msf::Auxiliary`

Retab modules 2013-08-30 21:28:54 +00:00			`include Msf::Auxiliary::Report`
			`include Msf::Auxiliary::Scanner`
			`include Msf::Exploit::Remote::Tcp`
Solved most of msftidy issues with the /modules directory 2011-11-28 04:42:59 +00:00
Retab modules 2013-08-30 21:28:54 +00:00			`def initialize(info={})`
			`super(update_info(info,`
			`'Name' => 'Redis-server Scanner',`
			`'Description' => %q{`
			`This module scans for Redis server. By default Redis has no auth. If auth`
			`(password only) is used, it is then possible to execute a brute force attack on`
			`the server. This scanner will find open or password protected Redis servers and`
			`report back the server information`
			`},`
			`'Author' => [ 'iallison <ian[at]team-allison.com>' ],`
			`'License' => MSF_LICENSE`
			`))`
Solved most of msftidy issues with the /modules directory 2011-11-28 04:42:59 +00:00
Retab modules 2013-08-30 21:28:54 +00:00			`register_options(`
			`[`
			`Opt::RPORT(6379),`
			`], self.class)`
Solved most of msftidy issues with the /modules directory 2011-11-28 04:42:59 +00:00
Retab modules 2013-08-30 21:28:54 +00:00			`deregister_options('RHOST')`
			`end`
Solved most of msftidy issues with the /modules directory 2011-11-28 04:42:59 +00:00
Retab modules 2013-08-30 21:28:54 +00:00			`def run_host(ip)`
			`print_status("Scanning IP: #{ip.to_s}")`
			`begin`
Fix redis communication 2013-11-16 01:36:18 +00:00			`pkt = "PING\r\n"`
			`connect`
			`sock.put(pkt)`
			`res = sock.get_once`
Solved most of msftidy issues with the /modules directory 2011-11-28 04:42:59 +00:00
Retab modules 2013-08-30 21:28:54 +00:00			`if res =~ /PONG/`
Fix redis communication 2013-11-16 01:36:18 +00:00			`info = "INFO\r\n"`
			`sock.put(info)`
			`data = sock.get_once`
Retab modules 2013-08-30 21:28:54 +00:00			`print_status("Redis Server Information #{data}")`
			`data_sanitized = data.to_s`
			`elsif res =~ /ERR/`
Fix redis communication 2013-11-16 01:36:18 +00:00			`auth = "AUTH foobared\r\n"`
			`sock.put(auth)`
			`data = sock.get_once`
Retab modules 2013-08-30 21:28:54 +00:00			`print_status("Response: #{data.chop}")`
			`if data =~ /\-ERR\sinvalid\spassword/`
			`print_status("Redis server is using AUTH")`
			`else`
			`print_good("Redis server is using the default password of foobared")`
			`report_note(`
			`:host => rhost,`
			`:port => rport,`
			`:type => 'password',`
			`:data => 'foobared'`
			`)`
			`end`
			`else`
			`print_error "#{ip} does not have a Redis server"`
			`end`
Solved most of msftidy issues with the /modules directory 2011-11-28 04:42:59 +00:00
Retab modules 2013-08-30 21:28:54 +00:00			`report_service(`
			`:host => rhost,`
			`:port => rport,`
			`:name => "redis server",`
			`:info => data_sanitized`
			`)`
Solved most of msftidy issues with the /modules directory 2011-11-28 04:42:59 +00:00
Retab modules 2013-08-30 21:28:54 +00:00			`disconnect`
Solved most of msftidy issues with the /modules directory 2011-11-28 04:42:59 +00:00
Retab modules 2013-08-30 21:28:54 +00:00			`rescue ::Exception => e`
			`print_error "Unable to connect: #{e.to_s}"`
			`end`
			`end`
Solved most of msftidy issues with the /modules directory 2011-11-28 04:42:59 +00:00			`end`